1) Do I have to include a privacy policy when I use Google Analytics?

There are two sides to this question from a legal perspective. But actually only one answer: YES.

There is the legal side of it: Depending on where you are you may fall under European, American (Californian) or Australian privacy laws. The list could go on since most countries have some sort of privacy regulations that extend onto the web – and hefty penalties for non-compliance. Check out our Bonus for anonymizeIP

For analytics services in general: analytical services collect some sort of personally identifiable information as a rule of thumb, which is why you have to disclose this fact to people via something like a privacy policy: More information about the legal framework can be found here.

There is the company policy side to it as well: Does Google require me in their terms to have a privacy policy when I use their service? See the answer in the next paragraph (II).

2) Am I required by Google to post a privacy policy?

You will not (and will not allow any third party to) use the Service to track, collect or upload any data that personally identifies an individual (such as a name, email address or billing information), or other data which can be reasonably linked to such information by Google. You will have and abide by an appropriate Privacy Policy and will comply with all applicable laws and regulations relating to the collection of information from Visitors. You must post a Privacy Policy and that Privacy Policy must provide notice of Your use of cookies that are used to collect traffic data, and You must not circumvent any privacy features (e.g., an opt-out) that are part of the Service.

And…

You may participate in an integrated version of Google Analytics and any DoubleClick product or service or any other Google display ads product or service (“Google Analytics for Display Advertisers”). If You use Google Analytics for Display Advertisers, You will comply with the Google Analytics for Display Advertisers Policy (available at http://support.google.com/analytics/bin/answer.py?hl=en&topic=2611283&answer=2700409 ) and, as set forth in the policy, disclose in Your Privacy Policy (i) Your use of Google Analytics for Display Advertisers and its features You use, and (ii) how Visitors can opt-out from Google Analytics for Display Advertisers. Your access to and use of any DoubleClick or Google display ads data is subject to the applicable terms between You and Google.

The most important part in these terms regarding the privacy policy:” You will have and abide by an appropriate Privacy Policy (…)“.

3) How do I add a privacy policy?

Usually, to make a privacy policy legally effective and compliant, it has to be easily found. A best practice is to link to your privacy policy from your footer where your users or visitors can find it at any given time. It should also not be modified to look like you want to hide it (smaller type, light colors that make it literally indistinguishable from the background).

4) An example privacy policy for Google Analytics?

A lot of people ask for sample privacy policies for their websites & Google Analytics. In reality those samples don’t do anyone much good because they’re far too generic. Let’s start with an enumeration of what needs to go into a privacy policy. Most countries’ privacy laws require you to include the following information:

– What kind of personal data is collected
– Describe how this information will be used by the company.
– Describe how this information will be transferred to third party companies.
– Provide instructions on how users can modify or delete their personal information.
– Provide instructions on how users can opt-out of future communications.
– Identify its effective date and outline how you notify people of material changes to your privacy policy.

Ideally you would tell the users what the service does in general and how you are using it.

Bonus 1: Display Advertising for Google Analytics

It’s possible to update your Google Analytics implementation with a snippet to support Display Advertising. This snippet makes use of the DoubleClick cookie and will additionally allow you to track things like

Help

Country

The software, materials and assistance provided by iubenda have the only purpose of helping users with compliance regarding their legal requirements. In particular, the templates iubenda provides are generated automatically, yet every word of our template has been written and continuously revised by a skilled legal team. However, as can be easily understood, nothing can substitute a professional legal consultancy in the drafting of your privacy policy, cookie policy or of any other legal document or compliance procedure. Our service does its best to provide you with a starting point, like an extremely sophisticated templates book, but even if we strive to provide the best assistance possible, we cannot guarantee any conformity with the law, which only a lawyer can do. Nothing on this site, therefore, shall be considered legal advice and no attorney-client relationship is established. Please note that in some cases, depending on your legislation, further actions may be required to make your activity compliant with the law.